WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5021)

Description

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.

Remediation

References

Related Vulnerabilities

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4072)

ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002)

ownCloud Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-4716)

Oracle Application Server CVE-2006-0283 Vulnerability (CVE-2006-0283)

Severity

Low

Classification

CVE-2014-5021 CWE-707

Tags

Missing Update Known Vulnerabilities